CN105335197B - The starting control method and device of application program in terminal - Google Patents


Info

Publication number: CN105335197B
Authority: CN (China)
Prior art keywords: digital signature, application program, terminal, signature information, strategy
Legal status: Active
Application number: CN201510776511.7A
Other languages: Chinese (zh)
Other versions: CN105335197A
Inventors: 杨峰, 潘建军, 王云峰
Current assignee: Zhuhai Baoqu Technology Co Ltd
Original assignee: Zhuhai Seal Interest Technology Co Ltd

Abstract

The invention discloses a method and a device for controlling the start of an application program in a terminal. The method includes: receiving a start instruction for an application program, and determining whether the policy that blocks process start by digital signature certificate is enabled in the terminal; if it is determined that the policy is enabled, reading digital signature certificate information from a first preset registry address of the terminal; and updating the digital signature certificate information that was read according to a preset whitelist library, so that the operating system of the terminal starts the application program according to the updated digital signature certificate information. Because the method updates the digital signature certificate information associated with the process-blocking policy according to a preset whitelist, when the digital signature certificate information of a normal or legitimate application program is written into that policy, the corresponding record can be detected and deleted in real time. This prevents malware from maliciously blocking the start of the application program and improves the security of the system.

Description

The starting control method and device of application program in terminal
Technical field
The present invention relates to the field of computer technology, and in particular to a method and a device for controlling the start of an application program in a terminal.
Background art
Currently, to guard against intrusion by untrusted application programs, operating systems provide a method of controlling application start through group policy. The software restriction policy within group policy identifies which application programs are allowed to run in the operating system by means of the software's digital signing certificate, and the relevant digital signature information is recorded in the registry. For example, if the REG_DWORD registry value AuthenticodeEnabled is not 0, the policy that blocks process start by digital certificate is enabled, so the corresponding application program can be prevented from starting, protecting the operating system from intrusion by untrusted application programs.
However, this group-policy method of controlling application start has the following problem: it is easily abused by malware. Malware can add the digital signature of a legitimate or normal application program to the software restriction policy, so that the operating system blocks that application program when it is started and the start fails. For example, if malware adds the digital signature information of an application program A that has defense and antivirus functions to the software restriction policy, A fails to start, its defense and antivirus functions are disabled, and the operating system becomes vulnerable to attack by malware, so that the security of the entire operating system is seriously threatened.
Summary of the invention
The purpose of the present invention is to solve at least one of the above technical problems to at least some extent.
To this end, a first object of the present invention is to propose a method for controlling the start of an application program in a terminal. The method updates the digital signature certificate information associated with the process-blocking policy according to a preset whitelist, which ensures that trusted application programs start normally, prevents malware from maliciously blocking application start, and improves the security of the system.
A second object of the present invention is to propose a device for controlling the start of an application program in a terminal.
To achieve the above objects, the method for controlling the start of an application program in a terminal according to an embodiment of the first aspect of the present invention includes: receiving a start instruction for the application program, and determining whether the policy that blocks process start by digital signature certificate is enabled in the terminal; if it is determined that the policy is enabled, reading digital signature certificate information from a first preset registry address of the terminal; and updating the digital signature certificate information that was read according to a preset whitelist library, so that the operating system of the terminal starts the application program according to the updated digital signature certificate information.
With the method of this embodiment, when a start instruction for an application program is received, it is determined whether the policy that blocks process start by digital signature certificate is enabled in the terminal. If it is, digital signature certificate information is read from the first preset registry address of the terminal and updated according to the preset whitelist library; in other words, the digital signature certificate information associated with the process-blocking policy is updated according to the preset whitelist library, so that the operating system of the terminal starts the application program according to the updated digital signature certificate information. As a result, when the digital signature certificate information of a normal or legitimate application program is written into the above policy, the corresponding record can be detected and deleted in real time, which ensures that trusted application programs start normally, prevents malware from maliciously blocking application start, and improves the security of the system.
To achieve the above objects, the device for controlling the start of an application program in a terminal according to an embodiment of the second aspect of the present invention includes: a receiving module for receiving a start instruction for the application program; a judgment module for determining whether the policy that blocks process start by digital signature certificate is enabled in the terminal; a reading module for reading digital signature certificate information from a first preset registry address of the terminal when the judgment module determines that the policy is enabled; and an update module for updating the digital signature certificate information that was read according to a preset whitelist library, so that the operating system of the terminal starts the application program according to the updated digital signature certificate information.
With the device of this embodiment, when the receiving module receives a start instruction for an application program, the judgment module determines whether the policy that blocks process start by digital signature certificate is enabled in the terminal. If it is, the reading module reads digital signature certificate information from the first preset registry address of the terminal, and the update module updates it according to the preset whitelist library; in other words, the digital signature certificate information associated with the process-blocking policy is updated according to the preset whitelist library, so that the operating system of the terminal starts the application program according to the updated digital signature certificate information. As a result, when the digital signature certificate information of a normal or legitimate application program is written into the above policy, the corresponding record can be detected and deleted in real time, which ensures that trusted application programs start normally, prevents malware from maliciously blocking application start, and improves the security of the system.
Additional aspects and advantages of the present invention will be set forth in part in the following description, will in part become apparent from that description, or may be learned by practice of the invention.
Description of the drawings
The above and/or additional aspects and advantages of the present invention will become apparent and readily understood from the following description of embodiments taken in conjunction with the accompanying drawings, in which:
Fig. 1 is a flowchart of the method for controlling the start of an application program in a terminal according to an embodiment of the present invention;
Fig. 2 is a schematic structural diagram of the device for controlling the start of an application program in a terminal according to an embodiment of the present invention; and
Fig. 3 is a schematic structural diagram of the device for controlling the start of an application program in a terminal according to a specific embodiment of the present invention.
Detailed description of the embodiments
Embodiments of the present invention are described in detail below, and examples of the embodiments are shown in the accompanying drawings, in which the same or similar reference numerals throughout denote the same or similar elements or elements with the same or similar functions. The embodiments described below with reference to the drawings are exemplary and are intended to explain the present invention; they are not to be construed as limiting it.
The method and device for controlling the start of an application program in a terminal according to embodiments of the present invention are described below with reference to the accompanying drawings.
Taking Microsoft Windows as the example operating system: the software restriction policy provided by Microsoft Windows was originally designed to protect the system from intrusion by untrusted application programs. Malware, however, has exploited this policy by adding the digital signature of normal software or application programs to it, so that processes carrying such a digital signature are blocked by the system when they start. This is especially serious for software or application programs with system security protection functions: if malware adds their digital signature certificate information to the software restriction policy, their protection processes are blocked by the system when they start, their protection functions never take effect, and the malicious program can then harm the system, leaving it in danger.
To this end, in order to ensure that normal or legitimate application programs can run normally on the operating system and to prevent malware from maliciously blocking application start, the present invention proposes a method for controlling the start of an application program in a terminal.
Fig. 1 is a flowchart of the method for controlling the start of an application program in a terminal according to an embodiment of the present invention. It should be noted that in embodiments of the present invention the terminal may be a mobile terminal or a PC (Personal Computer); a mobile terminal may be a hardware device running any of various operating systems, such as a mobile phone, tablet computer or personal digital assistant. For convenience of description, Microsoft Windows is used as the example operating system below; it should be understood that this is only an example and not a specific limitation on the operating system.
As shown in Fig. 1, the method for controlling the start of an application program in a terminal includes:
S110: receiving a start instruction for the application program, and determining whether the policy that blocks process start by digital signature certificate is enabled in the terminal.
A digital signature (also called a public key digital signature or electronic signature) is a method of authenticating digital information that resembles an ordinary physical signature written on paper but is implemented with public-key cryptography. A digital signature scheme usually defines two complementary operations, one for signing and one for verification.
A process is one run of an application program in the terminal over a certain set of data; it is the basic unit by which the operating system of the terminal allocates and schedules resources and the foundation of the operating system's structure. If a process of an application program is executed, the application program is executed.
The above-mentioned policy refers to the software restriction policy in the operating system, which allows certain application programs to run by identifying and specifying them. In Microsoft Windows, a policy called group policy is provided; group policy includes a policy called software restriction policy, and the software restriction policy identifies and specifies which application programs are allowed to run by means of the software's digital signing certificate. The relevant digital signature information is recorded in the registry, which is an important database in Microsoft Windows that stores configuration information for the system and for application programs.
Specifically, in one embodiment of the present invention, a start instruction that the user or the operating system of the terminal issues for an application program can be received, for example a specific start operation such as the user clicking or double-clicking the application program, or directly running a script of the application program. When the start instruction is received, whether the policy that blocks process start by digital signature certificate is enabled in the terminal can be determined as follows: first, the value of the AuthenticodeEnabled registry key under the registry entry HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\safer\codeidentifiers is read; if the value of the AuthenticodeEnabled registry key is 0, it is determined that the policy is not enabled in the terminal; if the value is not 0, it is determined that the policy is enabled in the terminal.
For example, suppose the user clicks the icon of application program A on a mobile terminal, wishing to start A. The operating system of the mobile terminal then reads the value of the REG_DWORD AuthenticodeEnabled registry key under the registry entry HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\safer\codeidentifiers. If the value is not 0, for example 1, the policy that blocks process start by digital signing certificate is enabled in the terminal, and the operating system may prevent A from starting. To ensure that A can start normally, step S120 is carried out.
S120: if it is determined that the policy that blocks process start by digital signature certificate is enabled, reading digital signature certificate information from a first preset registry address of the terminal.
Specifically, after the start instruction is received, if the value of the AuthenticodeEnabled registry key read under the corresponding registry entry is 1, the policy that blocks process start by digital certificate is enabled, which means the system will always block the application program from starting. At this point digital signature certificate information is read from the first preset registry address of the terminal. The first preset registry address stores the configuration information of the application programs currently blocked by the system, including the digital signature certificate information, type and permission settings of each application program.
In embodiments of the present invention, the first preset registry address may include:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates;
HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates;
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Policies\Microsoft\SystemCertificates\Disallowed\Certificates; or
HKEY_CURRENT_USER\Software\Wow6432Node\Policies\Microsoft\SystemCertificates\Disallowed\Certificates.
Taking a PC running Microsoft Windows as an example, Microsoft Windows comes in 32-bit and 64-bit versions. A 32-bit operating system has two registry addresses that can hold digital signature certificate information, namely HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates and HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates. A 64-bit operating system has, in addition to the two addresses of the 32-bit system, two further registry addresses that can hold digital signature certificate information, namely HKEY_LOCAL_MACHINE\Software\Wow6432Node\Policies\Microsoft\SystemCertificates\Disallowed\Certificates and HKEY_CURRENT_USER\Software\Wow6432Node\Policies\Microsoft\SystemCertificates\Disallowed\Certificates. Therefore, so that the method of the present invention can be applied widely and with improved accuracy, all four registry addresses that can hold digital signature certificate information can be read, ensuring that all of the digital signature certificate information is collected.
Reading the digital signature certificate information from the above four registry addresses makes it possible to determine next whether an application program that is blocked from starting in the terminal is a trusted application program.
S130: updating the digital signature certificate information that was read according to a preset whitelist library, so that the operating system of the terminal starts the application program according to the updated digital signature certificate information.
In embodiments of the present invention, the preset whitelist library contains information about trusted application programs, for example their digital signature certificate information. The preset whitelist library may be a database built by the user manually collecting, in advance, the digital signature certificate information of the application programs that are allowed to run, or it may be generated by some policy, for example by determining which application programs are trusted from the publisher name, whether the program is virus-free, its digital signature certificate information, the user's usage records and so on, and collecting the digital signature certificate information of those application programs into a database.
Specifically, it can be determined whether the digital signature certificate information that was read exists in the whitelist library; if it does, the digital signature certificate information present in the whitelist is deleted from the first preset registry address. That is, the digital signature certificate information of all application programs blocked from starting, as read from the registry, is matched against the digital signature certificate information stored in the whitelist library. If the digital signature certificate information of a blocked application program exists in the whitelist library, the application program is a trusted application program, and its digital signature certificate information can be deleted from the first preset registry address so that the application program can start normally.
Optionally, if the digital signature certificate information of a blocked application program read from the registry does not exist in the whitelist library, the blocked application program is not a trusted application program, and it continues to be blocked from starting; that is, the digital signature certificate information in the first preset registry address is not modified. This ensures that untrusted or malicious application programs are not started in the operating system and that the operating system is not affected by them.
Further, to guarantee system security and to prevent a malicious program from dynamically adding the digital signature certificate information of a normal application program to the policy that blocks process start by digital signature certificate while the operating system is running, in one embodiment of the present invention the start control method may further include, when it is determined that the policy is enabled, periodically reading digital signature certificate information from the first preset registry address and determining whether the digital signature certificate information that was read exists in the whitelist library. That is, the digital certificate signature information of the application programs blocked from starting by digital signature certificate can be read periodically and matched against the digital certificate signature information in the whitelist library; if a match is found, that application program's digital certificate signature information is deleted from the first preset registry address.
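Steps S110 to S130 and the periodic re-scan above describe a detect-and-remediate loop over the registry. The following PowerShell script is an added example written for this page; it is not code from the patent or from its assignee. It checks the AuthenticodeEnabled value under the codeidentifiers entry, enumerates the four Disallowed\Certificates locations the patent lists, compares what it finds against an allow-list, and removes only entries on that list. It assumes, beyond what the page states, that each entry under a Disallowed\Certificates key is a subkey named by the certificate's SHA-1 thumbprint, that the allow-list is a set of such thumbprints, and that the script runs with administrator rights (the HKLM keys cannot be modified otherwise); the thumbprint used in the usage section is a placeholder, not a real publisher certificate. The function names Test-AuthenticodePolicyEnabled, Get-DisallowedThumbprints and Repair-DisallowedStore are this example's own.

```powershell
# Added example, not part of the patent. Audits the SRP Authenticode switch and the
# four policy-scoped Disallowed certificate stores named in the patent, then removes
# any entry whose thumbprint is on the caller's allow-list (detect first, delete on request).
# Assumption: entries under ...\Disallowed\Certificates are subkeys named by SHA-1 thumbprint.
# Requires administrator rights for the HKLM keys.

$SaferKey = 'HKLM:\Software\Policies\Microsoft\Windows\safer\codeidentifiers'

# The four registry addresses listed in the patent (HKLM/HKCU, native and Wow6432Node).
$DisallowedKeys = @(
    'HKLM:\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates',
    'HKCU:\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates',
    'HKLM:\Software\Wow6432Node\Policies\Microsoft\SystemCertificates\Disallowed\Certificates',
    'HKCU:\Software\Wow6432Node\Policies\Microsoft\SystemCertificates\Disallowed\Certificates'
)

function Test-AuthenticodePolicyEnabled {
    # Step S110: $true when AuthenticodeEnabled exists and is non-zero.
    $prop = Get-ItemProperty -Path $SaferKey -Name 'AuthenticodeEnabled' -ErrorAction SilentlyContinue
    return ($null -ne $prop -and $prop.AuthenticodeEnabled -ne 0)
}

function Get-DisallowedThumbprints {
    # Step S120: enumerate every thumbprint subkey in all four locations.
    foreach ($key in $DisallowedKeys) {
        if (-not (Test-Path -Path $key)) { continue }
        Get-ChildItem -Path $key | ForEach-Object {
            [pscustomobject]@{ Key = $key; Thumbprint = $_.PSChildName }
        }
    }
}

function Repair-DisallowedStore {
    param(
        [Parameter(Mandatory)][string[]]$AllowedThumbprints,  # the whitelist library
        [switch]$Remediate                                     # without it, only report
    )
    # Step S130: match each blocked entry against the allow-list; delete matches only.
    $allowed = [System.Collections.Generic.HashSet[string]]::new(
        [string[]]$AllowedThumbprints,
        [System.StringComparer]::OrdinalIgnoreCase)
    foreach ($entry in Get-DisallowedThumbprints) {
        if (-not $allowed.Contains($entry.Thumbprint)) { continue }   # untrusted: leave blocked
        $path = Join-Path -Path $entry.Key -ChildPath $entry.Thumbprint
        if ($Remediate) {
            Remove-Item -Path $path -Recurse -Force
        }
        [pscustomobject]@{
            Key        = $entry.Key
            Thumbprint = $entry.Thumbprint
            Action     = if ($Remediate) { 'Removed' } else { 'WouldRemove' }
        }
    }
}

# Usage. The thumbprint below is a placeholder for the signing certificate of the
# protected product (the patent's application program B); replace it with real values.
$TrustedPublishers = @('0000000000000000000000000000000000000000')

if (Test-AuthenticodePolicyEnabled) {
    # Report first; add -Remediate to actually delete matching entries.
    Repair-DisallowedStore -AllowedThumbprints $TrustedPublishers | Format-Table -AutoSize
} else {
    Write-Output 'AuthenticodeEnabled is absent or 0: SRP certificate rules are not enforced.'
}
```

Two points a practitioner would want alongside this. First, the script deliberately reports before it deletes: an entry that an administrator placed under a Policies key through Group Policy looks identical to one that malware wrote, so the allow-list itself must be reviewed and, in a domain, the finding reconciled with the intended policy before -Remediate is used. Second, the patent's periodic re-scan maps to running the report mode from a scheduled task and alerting on any WouldRemove row; a trusted publisher appearing in a Disallowed store is itself a useful tamper signal, regardless of whether it is cleaned up automatically.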
To make the present invention clearer to those skilled in the art, an example is given below.
For example, suppose the terminal is a PC running Microsoft Windows, and the application program blocked from starting is an application program B with a defense function. For B to secure the operating system, its service process must be started when Windows boots; that service process communicates with B's defense driver and processes the intercepted data passed up by the driver, so it is essential to B's overall protection function. However, malware can set the value of the AuthenticodeEnabled registry key under the registry entry HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\safer\codeidentifiers to 1, enabling the policy that blocks process start by digital signature certificate, and then write B's digital signature certificate information into any one of the following four registry addresses:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates, HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates, HKEY_LOCAL_MACHINE\Software\Wow6432Node\Policies\Microsoft\SystemCertificates\Disallowed\Certificates or HKEY_CURRENT_USER\Software\Wow6432Node\Policies\Microsoft\SystemCertificates\Disallowed\Certificates. When B's service process then starts, the operating system may block it; B's entire defense logic is paralysed, and the malicious program can harm the operating system. If, when the start instruction for B's service process is received, the start control method of the present invention is applied to B, B can run normally on the operating system. That is, the four registry addresses above that store digital signature certificate information can be searched periodically, and if B's digital signature certificate information is found, it is deleted from that registry address. B's service process is then no longer blocked by the operating system when it starts, B's entire defense logic takes effect, and the operating system is protected from damage by the malicious program.
With the method for controlling the start of an application program in a terminal according to the embodiment of the present invention, when a start instruction for an application program is received, it is determined whether the policy that blocks process start by digital signature certificate is enabled in the terminal. If it is, digital signature certificate information is read from the first preset registry address of the terminal and updated according to the preset whitelist library, so that the operating system of the terminal starts the application program according to the updated digital signature certificate information; in other words, the digital signature certificate information associated with the process-blocking policy is updated according to the preset whitelist library. As a result, when the digital signature certificate information of a normal or legitimate application program is written into the above policy, the corresponding record can be detected and deleted in real time, which ensures that trusted application programs start normally, prevents malware from maliciously blocking application start, and improves the security of the system.
To implement the above embodiments, the present invention also provides a device for controlling the start of an application program in a terminal.
Fig. 2 is a schematic structural diagram of the device for controlling the start of an application program in a terminal according to an embodiment of the present invention. It should be noted that in embodiments of the present invention the terminal may be a mobile terminal or a PC (Personal Computer); a mobile terminal may be a hardware device running any of various operating systems, such as a mobile phone, tablet computer or personal digital assistant. For convenience of description, Microsoft Windows is used as the example operating system below; it should be understood that this is only an example and not a specific limitation on the operating system.
As shown in Fig. 2, the device for controlling the start of an application program in a terminal includes a receiving module 210, a judgment module 220, a reading module 230 and an update module 240.
The receiving module 210 is used to receive a start instruction for the application program. The start instruction is one that the user issues for the application program, for example a specific start operation such as the user clicking or double-clicking the application program, or directly running a script of the application program.
The judgment module 220 is used to determine whether the policy that blocks process start by digital signature certificate is enabled in the terminal.
Specifically, in one embodiment of the present invention, a start instruction that the user or the operating system of the terminal issues for an application program can be received by the receiving module 210. When the start instruction is received, the judgment module 220 can determine whether the policy that blocks process start by digital signature certificate is enabled in the terminal as follows: first, the value of the AuthenticodeEnabled registry key under the registry entry HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\safer\codeidentifiers is read; if the value of the AuthenticodeEnabled registry key is 0, it is determined that the policy is not enabled in the terminal; if the value is not 0, it is determined that the policy is enabled in the terminal.
For example, suppose the user clicks the icon of application program A on a mobile terminal, wishing to start A. The judgment module 220 then reads the value of the REG_DWORD AuthenticodeEnabled registry key under the registry entry HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\safer\codeidentifiers. If the value is not 0, for example 1, the policy that blocks process start by digital signing certificate is enabled in the terminal, and the operating system may prevent A from starting.
The reading module 230 is used to read digital signature certificate information from the first preset registry address of the terminal when the judgment module 220 determines that the policy that blocks process start by digital signature certificate is enabled.
Specifically, after the receiving module 210 receives the start instruction, if the value of the AuthenticodeEnabled registry key that the judgment module 220 reads under the corresponding registry entry is 1, the policy that blocks process start by digital certificate is enabled, which means the system will always block the application program from starting. At this point the reading module 230 reads digital signature certificate information from the first preset registry address of the terminal. The first preset registry address stores the configuration information of the application programs currently blocked by the system, including the digital signature certificate information, type and permission settings of each application program.
In an embodiment of the invention, the first preset registry address may include:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates;
HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates;
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Policies\Microsoft\SystemCertificates\Disallowed\Certificates; or
HKEY_CURRENT_USER\Software\Wow6432Node\Policies\Microsoft\SystemCertificates\Disallowed\Certificates.
It will be understood that, taking a PC whose operating system is Microsoft Windows as an example, Microsoft Windows comes in 32-bit and 64-bit editions. In a 32-bit operating system there are two registry addresses that can hold digital signature information, namely HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates and HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates. In a 64-bit operating system, besides the two registry addresses of the 32-bit operating system above, two further registry addresses can hold digital signature information, namely HKEY_LOCAL_MACHINE\Software\Wow6432Node\Policies\Microsoft\SystemCertificates\Disallowed\Certificates and HKEY_CURRENT_USER\Software\Wow6432Node\Policies\Microsoft\SystemCertificates\Disallowed\Certificates. Therefore, to ensure that the start-up control method for an application program in a terminal of the invention is widely applicable, and to improve its accuracy, all four of the registry addresses that can hold digital signature information may be read, so as to guarantee that all of the digital signature information is read.
It will further be understood that the read module 230 reads the digital signature information from the four registry addresses above in order to next judge whether the application program prevented from starting in the terminal is a trusted application program.
The update module 240 is configured to update the read digital signature information according to a preset white list library, so that the operating system of the terminal starts the application program according to the updated digital signature information.
In an embodiment of the invention, the preset white list library includes information related to trusted application programs, for example the digital signature information of those application programs. It will be understood that the preset white list library may be a database established by the user, who manually collects in advance the digital signature information of the application programs that are allowed to run; or it may be generated by some strategy, for example judging which application programs are trusted according to the publisher name of the application program, whether it is free of viruses, its digital signature information, the usage records of users and so on, and collecting the digital signature information of those application programs into a database.
Specifically, in one embodiment of the invention, as shown in figure 3, the update module 240 may include a judging unit 241 and an updating unit 242. The judging unit 241 is configured to judge whether the read digital signature information is present in the white list library; if the judging unit 241 judges that the read digital signature information is present in the white list library, the updating unit 242 deletes the digital signature information that is present in the white list library from the first preset registry address.
That is, the judging unit 241 matches the digital signature certificate information of all application programs prevented from starting, as read from the registry, against the digital signature information saved in the white list library. If the digital signature information of an application program prevented from starting is present in the white list library, this shows that the application program is a trusted application program, and the updating unit 242 deletes the digital signature information of that application program from the first preset registry address, so that the application program can start normally.
Optionally, if the digital signature certificate information of an application program prevented from starting, as read by the judging unit 241 from the registry, is not present in the white list library, this shows that the prevented application program is not a trusted application program, and it continues to be prevented from starting; that is, the digital signature information in the first preset registry address is not modified. In this way it is ensured that untrusted or malicious application programs are not started in the operating system, and the operating system is not affected by them.
Further, to guarantee the security of the system and prevent a malicious program from dynamically adding the digital signature information of a normal application program to the strategy of preventing process start-up by digital signature certificate while the operating system is running, in one embodiment of the invention the read module 230 is further configured to: when the judgment module 220 judges that the strategy of preventing process start-up by digital signature certificate has been enabled, periodically read the digital signature information from the first preset registry address; the judging unit 241 judges whether the read digital signature information is present in the white list library, and if it is present, the updating unit 242 deletes the digital signature information present in the white list library from the first preset registry address. That is, the read module 230 may periodically read the digital certificate signature information corresponding to the application programs whose start-up is prevented by digital signature certificate, the judging unit 241 matches it against the digital certificate signature information in the white list library, and if the match succeeds, the updating unit 242 deletes the digital certificate signature information corresponding to that application program from the first preset registry address.
The start-up control device for an application program in a terminal of the embodiment of the invention, when the receiving module receives a start instruction for the application program, judges by the judgment module whether the strategy of preventing process start-up by digital signature certificate is enabled in the terminal; if it has been enabled, the read module reads digital signature information from the first preset registry address of the terminal, and the update module updates the read digital signature information according to the preset white list library, that is, it updates the digital signature information corresponding to the strategy of preventing process start-up according to the preset white list library, so that the operating system of the terminal starts the application program according to the updated digital signature information. Thus, when the digital signature certificate information of a normal or legitimate application program is written into the above strategy, it can be detected in real time and the related record deleted, which ensures the normal start-up of trusted application programs, avoids malicious prevention of application program start-up by malware, and improves the security performance of the system.
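As an added illustration that is not part of the patent, the following PowerShell audit script carries out the judgment, read and update steps described above on a Windows host, including the periodic re-read when run from a scheduled task. It assumes that each subkey under Disallowed\Certificates is named by the certificate's SHA-1 thumbprint and that the white list library is a list of trusted thumbprints; the thumbprints shown are constructed placeholders.

```powershell
# Added audit example, not the patent's own code. Assumptions: subkeys under
# Disallowed\Certificates are named by the certificate's SHA-1 thumbprint (how Windows
# persists policy certificate stores) and the "white list library" is a thumbprint list.

$SaferKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers'

# The four "first preset registry addresses" listed in the description (native and
# Wow6432Node views, machine and user hives).
$DisallowedKeys = @(
    'HKLM:\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\Certificates',
    'HKCU:\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\Certificates',
    'HKLM:\SOFTWARE\Wow6432Node\Policies\Microsoft\SystemCertificates\Disallowed\Certificates',
    'HKCU:\SOFTWARE\Wow6432Node\Policies\Microsoft\SystemCertificates\Disallowed\Certificates'
)

# Constructed placeholder allow-list (not real certificates): thumbprints of publisher
# certificates the organisation trusts. Populate it from your own signed-software inventory.
$TrustedThumbprints = @(
    '0000000000000000000000000000000000000001',
    '0000000000000000000000000000000000000002'
)

function Test-AuthenticodePolicyEnabled {
    # Judgment step: AuthenticodeEnabled absent or 0 means the policy is not enabled.
    $props = Get-ItemProperty -Path $SaferKey -Name 'AuthenticodeEnabled' -ErrorAction SilentlyContinue
    if ($null -eq $props) { return $false }
    return ([int]$props.AuthenticodeEnabled -ne 0)
}

function Get-DisallowedCertificateRecords {
    # Read step: enumerate every certificate record under all four policy paths, so that
    # nothing is missed on a 64-bit system.
    foreach ($key in $DisallowedKeys) {
        if (-not (Test-Path -Path $key)) { continue }
        foreach ($subkey in Get-ChildItem -Path $key) {
            [pscustomobject]@{
                Path       = $subkey.PSPath
                Thumbprint = $subkey.PSChildName.ToUpperInvariant()
                HasBlob    = ($null -ne $subkey.GetValue('Blob'))   # encoded certificate present?
            }
        }
    }
}

function Remove-TrustedFromDisallowed {
    # Update step: a trusted thumbprint found in a Disallowed store is the tampering the
    # method targets; report it and, unless -WhatIf is given, delete the record.
    [CmdletBinding(SupportsShouldProcess = $true)]
    param([string[]]$Trusted = $TrustedThumbprints)

    if (-not (Test-AuthenticodePolicyEnabled)) {
        Write-Verbose 'AuthenticodeEnabled is 0 or absent; no reconciliation needed.'
        return
    }
    $trusted = $Trusted | ForEach-Object { $_.ToUpperInvariant() }
    $removed = @()
    foreach ($rec in Get-DisallowedCertificateRecords) {
        if ($trusted -notcontains $rec.Thumbprint) { continue }   # genuinely blocked, leave it
        Write-Warning "Trusted certificate $($rec.Thumbprint) found in $($rec.Path)"
        if ($PSCmdlet.ShouldProcess($rec.Path, 'Remove disallowed-certificate record')) {
            Remove-Item -Path $rec.Path -Recurse -Force
        }
        $removed += $rec
    }
    $removed
}

# Dry run first; drop -WhatIf to apply. Run elevated so the HKLM paths are writable.
Remove-TrustedFromDisallowed -WhatIf -Verbose
```

The warning lines are the detection signal and are emitted even in dry-run mode, so the script can be scheduled to run periodically in report-only mode before deletion is enabled.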
In the description of the invention, it should be understood that the terms "first" and "second" are used for descriptive purposes only and cannot be understood as indicating or implying relative importance or implicitly indicating the number of the technical features referred to. Thus a feature defined as "first" or "second" may explicitly or implicitly include at least one such feature. In the description of the invention, "multiple" means at least two, for example two, three and so on, unless specifically defined otherwise.
In the description of this specification, reference to the terms "one embodiment", "some embodiments", "example", "specific example" or "some examples" and the like means that the specific feature, structure, material or characteristic described in connection with that embodiment or example is included in at least one embodiment or example of the invention. In this specification, schematic expressions of the above terms need not refer to the same embodiment or example. Moreover, the specific features, structures, materials or characteristics described may be combined in any suitable manner in any one or more embodiments or examples. In addition, provided they do not conflict with each other, those skilled in the art may combine and unite the features of the different embodiments or examples described in this specification.
Any process or method description in a flow chart, or otherwise described herein, may be understood as representing a module, segment or portion of code comprising one or more executable instructions for implementing specific logical functions or steps of the process, and the scope of the preferred embodiments of the invention includes other implementations in which functions may be executed out of the order shown or discussed, including substantially simultaneously or in the reverse order according to the functions involved, as will be understood by those skilled in the art to which the embodiments of the invention belong.
The logic and/or steps represented in a flow chart or otherwise described herein, for example an ordered list of executable instructions regarded as implementing logical functions, may be embodied in any computer-readable medium for use by, or in connection with, an instruction execution system, apparatus or device (such as a computer-based system, a system including a processor, or another system that can fetch instructions from the instruction execution system, apparatus or device and execute them). For the purposes of this specification, a "computer-readable medium" may be any apparatus that can contain, store, communicate, propagate or transport the program for use by, or in connection with, the instruction execution system, apparatus or device. More specific examples (a non-exhaustive list) of the computer-readable medium include: an electrical connection having one or more wires (electronic device), a portable computer diskette (magnetic device), a random access memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber device, and a portable compact disc read-only memory (CDROM). The computer-readable medium may even be paper or another suitable medium on which the program is printed, since the program can be obtained electronically, for example by optically scanning the paper or other medium and then editing, interpreting or otherwise processing it as necessary, and then stored in a computer memory.
It should be understood that parts of the invention may be implemented in hardware, software, firmware or a combination thereof. In the above embodiments, multiple steps or methods may be implemented with software or firmware stored in a memory and executed by a suitable instruction execution system. For example, if implemented in hardware, as in another embodiment, they may be implemented with any one of the following technologies well known in the art, or a combination thereof: discrete logic circuits having logic gate circuits for implementing logic functions on data signals, application-specific integrated circuits having suitable combinational logic gate circuits, programmable gate arrays (PGA), field programmable gate arrays (FPGA), and so on.
Those skilled in the art will understand that all or part of the steps carried by the method of the above embodiments can be completed by instructing the relevant hardware through a program, which may be stored in a computer-readable storage medium and which, when executed, includes one of the steps of the method embodiment or a combination thereof.
In addition, the functional units in the embodiments of the invention may be integrated in one processing module, or each unit may exist physically on its own, or two or more units may be integrated in one module. The integrated module may be implemented in the form of hardware or in the form of a software functional module. If the integrated module is implemented in the form of a software functional module and is sold or used as an independent product, it may also be stored in a computer-readable storage medium.
The storage medium mentioned above may be a read-only memory, a magnetic disk, an optical disc or the like. Although embodiments of the invention have been shown and described above, it should be understood that the above embodiments are exemplary and should not be understood as limiting the invention; those skilled in the art may change, modify, replace and vary the above embodiments within the scope of the invention.

Claims (10)

1. A start-up control method for an application program in a terminal, characterized by comprising the following steps:
receiving a start instruction for the application program, and judging whether the strategy of preventing process start-up by digital signature certificate is enabled in the terminal;
if it is judged that the strategy of preventing process start-up by digital signature certificate has been enabled, reading digital signature information from a first preset registry address of the terminal; and
updating the read digital signature information according to a preset white list library, so that the operating system of the terminal starts the application program according to the updated digital signature information.
2. The start-up control method for an application program in a terminal according to claim 1, characterized in that updating the read digital signature information according to the preset white list library specifically comprises:
judging whether the read digital signature information is present in the white list library;
if it is present, deleting the digital signature information that is present in the white list library from the first preset registry address.
3. The start-up control method for an application program in a terminal according to claim 2, characterized in that, when it is judged that the strategy of preventing process start-up by digital signature certificate has been enabled, the method further comprises:
periodically reading the digital signature information from the first preset registry address, and judging whether the read digital signature information is present in the white list library.
4. The start-up control method for an application program in a terminal according to claim 1, characterized in that the first preset registry address comprises:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates;
HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates;
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Policies\Microsoft\SystemCertificates\Disallowed\Certificates; or
HKEY_CURRENT_USER\Software\Wow6432Node\Policies\Microsoft\SystemCertificates\Disallowed\Certificates.
5. The start-up control method for an application program in a terminal according to claim 1, characterized in that judging whether the strategy of preventing process start-up by digital signature certificate is enabled in the terminal specifically comprises:
reading the value of the AuthenticodeEnabled registry key under the registry entry HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\safer\codeidentifiers;
if the value of the AuthenticodeEnabled registry key is 0, judging that the strategy of preventing process start-up by digital signature certificate is not enabled in the terminal;
if the value of the AuthenticodeEnabled registry key is not 0, judging that the strategy of preventing process start-up by digital signature certificate has been enabled in the terminal.
6. A start-up control device for an application program in a terminal, characterized by comprising:
a receiving module, configured to receive a start instruction for the application program;
a judgment module, configured to judge whether the strategy of preventing process start-up by digital signature certificate is enabled in the terminal;
a read module, configured to read digital signature information from a first preset registry address of the terminal when the judgment module judges that the strategy of preventing process start-up by digital signature certificate has been enabled; and
an update module, configured to update the read digital signature information according to a preset white list library, so that the operating system of the terminal starts the application program according to the updated digital signature information.
7. The start-up control device for an application program in a terminal according to claim 6, characterized in that the update module comprises:
a judging unit, configured to judge whether the read digital signature information is present in the white list library;
an updating unit, configured to delete the digital signature information that is present in the white list library from the first preset registry address when the judging unit judges that the read digital signature information is present in the white list library.
8. The start-up control device for an application program in a terminal according to claim 7, characterized in that
the read module is further configured to periodically read the digital signature information from the first preset registry address when the judgment module judges that the strategy of preventing process start-up by digital signature certificate has been enabled.
9. The start-up control device for an application program in a terminal according to claim 6, characterized in that the first preset registry address comprises:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates;
HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates;
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Policies\Microsoft\SystemCertificates\Disallowed\Certificates; or
HKEY_CURRENT_USER\Software\Wow6432Node\Policies\Microsoft\SystemCertificates\Disallowed\Certificates.
10. The start-up control device for an application program in a terminal according to claim 6, characterized in that the judgment module is specifically configured to:
read the value of the AuthenticodeEnabled registry key under the registry entry HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\safer\codeidentifiers;
if the value of the AuthenticodeEnabled registry key is 0, judge that the strategy of preventing process start-up by digital signature certificate is not enabled in the terminal;
if the value of the AuthenticodeEnabled registry key is not 0, judge that the strategy of preventing process start-up by digital signature certificate has been enabled in the terminal.
CN201510776511.7A 2015-11-12 2015-11-12 The starting control method and device of application program in terminal Active CN105335197B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510776511.7A CN105335197B (en) 2015-11-12 2015-11-12 The starting control method and device of application program in terminal


Publications (2)

Publication Number Publication Date
CN105335197A CN105335197A (en) 2016-02-17
CN105335197B true CN105335197B (en) 2019-02-12

Family

ID=55285758


Country Status (1)

Country Link
CN (1) CN105335197B (en)



Also Published As

Publication number Publication date
CN105335197A (en) 2016-02-17


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right

Effective date of registration: 20181213

Address after: 519030 Room 105-53811, No. 6 Baohua Road, Hengqin New District, Zhuhai City, Guangdong Province

Applicant after: Zhuhai Leopard Technology Co.,Ltd.

Address before: 519070, six level 601F, 10 main building, science and technology road, Tangjia Bay Town, Zhuhai, Guangdong.

Applicant before: Zhuhai Juntian Electronic Technology Co.,Ltd.

Applicant before: BEIJING KINGSOFT INTERNET SECURITY SOFTWARE Co.,Ltd.

TA01 Transfer of patent application right
GR01 Patent grant